Skip to content

Commit c1f18a7

Browse files
anil-marvellanil-marvell
committed
crypto: marvell: Add crypto engine support for cn20k
Add eHSM AES crypto engine support for cn20k, MAILBOX-1 is used for authenc and cipher crypto offload operations. Signed-off-by: Anil Kumar Reddy <[email protected]>
1 parent 6dd04c3 commit c1f18a7

File tree

8 files changed

+1460
-0
lines changed

8 files changed

+1460
-0
lines changed

core/arch/arm/plat-marvell/conf.mk

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -166,6 +166,8 @@ $(call force,CFG_CORE_ARM64_PA_BITS,48)
166166
$(call force,CFG_LPAE_ADDR_SPACE_BITS,36)
167167
$(call force,CFG_PL011,y)
168168
$(call force,CFG_ARM_GICV3,y)
169+
$(call force,CFG_MARVELL_CRYPTO_DRIVER,y)
170+
$(call force,CFG_REE_FS_HTREE_HASH_SIZE_COMPAT,n)
169171
CFG_USER_TA_TARGETS ?= ta_arm64
170172
CFG_NUM_THREADS ?= CFG_TEE_CORE_NB_CORE
171173
CFG_CORE_HEAP_SIZE ?= 131072
@@ -184,6 +186,8 @@ $(call force,CFG_CORE_ARM64_PA_BITS,48)
184186
$(call force,CFG_LPAE_ADDR_SPACE_BITS,36)
185187
$(call force,CFG_PL011,y)
186188
$(call force,CFG_ARM_GICV3,y)
189+
$(call force,CFG_MARVELL_CRYPTO_DRIVER,y)
190+
$(call force,CFG_REE_FS_HTREE_HASH_SIZE_COMPAT,n)
187191
CFG_USER_TA_TARGETS ?= ta_arm64
188192
CFG_NUM_THREADS ?= CFG_TEE_CORE_NB_CORE
189193
CFG_CORE_HEAP_SIZE ?= 131072

core/drivers/crypto/marvell/cn20k/ehsm-aes.c

Lines changed: 243 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,243 @@
1+
// SPDX-License-Identifier: BSD-2-Clause
2+
/*
3+
* Copyright (C) 2025 Marvell.
4+
*/
5+
6+
#include <stdint.h>
7+
8+
#include "ehsm.h"
9+
#include "ehsm-aes.h"
10+
#include "ehsm-hal.h"
11+
#include "ehsm-security.h"
12+
13+
enum sec_return ehsm_aes_zeroize(struct ehsm_handle *handle)
14+
{
15+
struct ehsm_command cmd = { };
16+
enum ehsm_status estat = STATUS_SUCCESS;
17+
18+
ehsm_clear_command(&cmd);
19+
20+
cmd.opcode = BCM_AES_ZEROIZE;
21+
estat = ehsm_command(handle, &cmd);
22+
if (estat != STATUS_SUCCESS)
23+
return (enum sec_return)estat;
24+
25+
return SEC_NO_ERROR;
26+
}
27+
28+
enum sec_return ehsm_aes_init(struct ehsm_handle *handle,
29+
bool decrypt,
30+
enum ehsm_aes_key_size key_size,
31+
enum ehsm_aes_mode aes_mode,
32+
uint8_t ctr_modular,
33+
bool endian_swap)
34+
{
35+
struct ehsm_command cmd = { };
36+
enum ehsm_status estat = STATUS_SUCCESS;
37+
38+
if (aes_mode == EHSM_AES_MODE_CTR) {
39+
if (ctr_modular >= 128)
40+
return SEC_INVALID_PARAMETER;
41+
} else if (aes_mode == EHSM_AES_MODE_GCM) {
42+
return SEC_INVALID_PARAMETER;
43+
} else if (ctr_modular != 0) {
44+
return SEC_INVALID_PARAMETER;
45+
}
46+
if (key_size != (key_size & 0x180))
47+
return SEC_INVALID_PARAMETER;
48+
49+
ehsm_clear_command(&cmd);
50+
51+
cmd.args[0] = decrypt;
52+
cmd.args[1] = key_size;
53+
cmd.args[2] = aes_mode;
54+
cmd.args[3] = ctr_modular;
55+
cmd.args[8] = endian_swap;
56+
cmd.opcode = BCM_AES_INIT;
57+
estat = ehsm_command(handle, &cmd);
58+
return (enum sec_return)estat;
59+
}
60+
61+
enum sec_return ehsm_aes_gcm_init(struct ehsm_handle *handle,
62+
bool decrypt,
63+
uint32_t aad_size,
64+
uint32_t tag_size,
65+
uint32_t iv_size,
66+
const uint32_t *iv,
67+
bool endian_swap)
68+
{
69+
struct ehsm_command cmd = { };
70+
enum ehsm_status estat = STATUS_SUCCESS;
71+
72+
ehsm_clear_command(&cmd);
73+
74+
cmd.args[0] = decrypt;
75+
cmd.args[1] = aad_size;
76+
77+
if (tag_size < 1 || tag_size > 16)
78+
return SEC_INVALID_PARAMETER;
79+
80+
cmd.args[2] = tag_size;
81+
cmd.args[3] = iv_size;
82+
83+
if (iv_size == 0) {
84+
cmd.args[4] = iv[2];
85+
cmd.args[5] = iv[1];
86+
cmd.args[6] = iv[0];
87+
}
88+
89+
cmd.args[7] = endian_swap;
90+
cmd.opcode = BCM_AES_GCM_INIT;
91+
estat = ehsm_command(handle, &cmd);
92+
return (enum sec_return)estat;
93+
}
94+
95+
enum sec_return ehsm_aes_load_key(struct ehsm_handle *handle,
96+
enum ehsm_aes_key_size key_size,
97+
const void *key,
98+
bool secondary_key,
99+
bool endian_swap)
100+
{
101+
struct ehsm_command cmd = { };
102+
enum ehsm_status estat = STATUS_SUCCESS;
103+
104+
ehsm_clear_command(&cmd);
105+
106+
cmd.args[0] = key_size;
107+
cmd.args[1] = ehsm_addr_low(key);
108+
cmd.args[2] = ehsm_addr_hi(key);
109+
cmd.args[3] = secondary_key;
110+
cmd.args[5] = endian_swap;
111+
cmd.opcode = BCM_AES_LOAD_KEY;
112+
estat = ehsm_command(handle, &cmd);
113+
return (enum sec_return)estat;
114+
}
115+
116+
enum sec_return ehsm_aes_load_iv(struct ehsm_handle *handle,
117+
const void *iv,
118+
bool endian_swap)
119+
{
120+
struct ehsm_command cmd = { };
121+
enum ehsm_status estat = STATUS_SUCCESS;
122+
123+
ehsm_clear_command(&cmd);
124+
125+
cmd.args[0] = ehsm_addr_low(iv);
126+
cmd.args[1] = ehsm_addr_hi(iv);
127+
cmd.args[3] = endian_swap;
128+
cmd.opcode = BCM_AES_LOAD_IV;
129+
estat = ehsm_command(handle, &cmd);
130+
return (enum sec_return)estat;
131+
}
132+
133+
enum sec_return ehsm_aes_process(struct ehsm_handle *handle,
134+
const void *src,
135+
void *dest,
136+
uint64_t payload_len_byte,
137+
uint32_t timeout,
138+
bool is_new,
139+
bool is_final,
140+
bool block_tag_gen,
141+
struct ehsm_dtd *src_list,
142+
struct ehsm_dtd *dest_list)
143+
{
144+
struct ehsm_command cmd = { };
145+
enum ehsm_status estat = STATUS_SUCCESS;
146+
147+
ehsm_clear_command(&cmd);
148+
149+
if (src) {
150+
cmd.args[0] = ehsm_addr_low(src);
151+
cmd.args[1] = ehsm_addr_hi(src);
152+
}
153+
if (dest) {
154+
cmd.args[2] = ehsm_addr_low(dest);
155+
cmd.args[3] = ehsm_addr_hi(dest);
156+
}
157+
158+
reg_pair_from_64(payload_len_byte, &cmd.args[5], &cmd.args[4]);
159+
cmd.args[6] = is_new;
160+
cmd.args[8] = timeout;
161+
cmd.args[10] = is_final;
162+
cmd.args[11] = block_tag_gen;
163+
if (src_list) {
164+
cmd.args[12] = ehsm_addr_low(src_list);
165+
cmd.args[13] = ehsm_addr_hi(src_list);
166+
}
167+
if (dest_list) {
168+
cmd.args[14] = ehsm_addr_low(dest_list);
169+
cmd.args[15] = ehsm_addr_hi(dest_list);
170+
}
171+
cmd.opcode = BCM_AES_PROCESS;
172+
estat = ehsm_command(handle, &cmd);
173+
return (enum sec_return)estat;
174+
}
175+
176+
enum sec_return ehsm_context_store(struct ehsm_handle *handle,
177+
enum context_engine_id engine_id,
178+
const void *pcontextid,
179+
const void *ptoken)
180+
{
181+
struct ehsm_command cmd = { };
182+
enum ehsm_status estat = STATUS_SUCCESS;
183+
184+
ehsm_clear_command(&cmd);
185+
186+
cmd.args[0] = engine_id;
187+
188+
if (pcontextid) {
189+
cmd.args[1] = ehsm_addr_low(pcontextid);
190+
cmd.args[2] = ehsm_addr_hi(pcontextid);
191+
}
192+
if (ptoken) {
193+
cmd.args[3] = ehsm_addr_low(ptoken);
194+
cmd.args[4] = ehsm_addr_hi(ptoken);
195+
}
196+
cmd.opcode = EHSM_CONTEXT_STORE;
197+
estat = ehsm_command(handle, &cmd);
198+
return (enum sec_return)estat;
199+
}
200+
201+
enum sec_return ehsm_context_load(struct ehsm_handle *handle,
202+
enum context_engine_id engine_id,
203+
uint32_t context_id,
204+
const void *ptoken)
205+
{
206+
struct ehsm_command cmd = { };
207+
enum ehsm_status estat = STATUS_SUCCESS;
208+
209+
ehsm_clear_command(&cmd);
210+
211+
cmd.args[0] = engine_id;
212+
cmd.args[1] = context_id;
213+
214+
if (ptoken) {
215+
cmd.args[2] = ehsm_addr_low(ptoken);
216+
cmd.args[3] = ehsm_addr_hi(ptoken);
217+
}
218+
cmd.opcode = EHSM_CONTEXT_LOAD;
219+
estat = ehsm_command(handle, &cmd);
220+
return (enum sec_return)estat;
221+
}
222+
223+
enum sec_return ehsm_context_release(struct ehsm_handle *handle,
224+
enum context_engine_id engine_id,
225+
uint32_t context_id,
226+
const void *ptoken)
227+
{
228+
struct ehsm_command cmd = { };
229+
enum ehsm_status estat = STATUS_SUCCESS;
230+
231+
ehsm_clear_command(&cmd);
232+
233+
cmd.args[0] = engine_id;
234+
cmd.args[1] = context_id;
235+
236+
if (ptoken) {
237+
cmd.args[2] = ehsm_addr_low(ptoken);
238+
cmd.args[3] = ehsm_addr_hi(ptoken);
239+
}
240+
cmd.opcode = EHSM_CONTEXT_RELEASE;
241+
estat = ehsm_command(handle, &cmd);
242+
return (enum sec_return)estat;
243+
}

0 commit comments

Comments
 (0)